Malware infection I think - need to know what program to run


13 replies to this topic

#1 drewtou


Posted 15 February 2014 - 02:21 PM

I have Win 8 and continuously get popups. My computer is extremely slow too. I have run Spybot Search and Destroy, HiJackThis and CCleaner. I'm still having the same troubles, now with more nasty popups. What do I need to run to get this infection off?

Edited by Queen-Evie, 15 February 2014 - 02:59 PM.
moved from Windows 8 to the appropriate forum for malware removal




#2 dc3


Posted 15 February 2014 - 02:40 PM

Please download Malwarebytes Anti-Malware.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  When the installation has finished, make sure you leave both of these checked:
 
    Update Malwarebytes' Anti-Malware
 
    Launch Malwarebytes' Anti-Malware
 
Then click on Finish.
 
3)  MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. 
 
4)  Click on perform Quick Scan, then click on the Scan button.
 
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
 
5)  The scan will now begin; this may take some time to complete, so please be patient.
 
6)  When the scan is finished click on Show Results to display all objects found.
 
7)  Click OK to close the message box and continue with the removal process.
 
8)  Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
 
Make sure that every item shown in the results has a check mark in the box next to it, then click on Remove Selected.
 
9)  When removal is completed, a log will open in Notepad.
 
This log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of the log in your next post, then exit MBAM.
 
Important:  If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
 
Please copy the Malwarebytes log and paste it in your next post.
 
To locate this file right click on the Start orb and choose Open Windows Explorer, then click on C: drive.
 
When the C: drive opens click on the following:  ProgramData, Malwarebytes, Malwarebytes' Anti-Malware, Logs.  
 
If there is more than one log, choose the log with the date that you ran the scan that I requested.
 
 
If there are a large number of items found you can go into Settings and click on Scanner Settings to change the setting in Action for potentially unwanted programs (PUP) to Show in results list and check for removal.
 
 

Please download AdwCleaner and run it.
 
An image like the one below will open, click on Scan.
 
adwcleaner11_zps48314883.png
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on Ok.
 
When the cleaning process is complete, a log of what was removed will be presented.  Please copy and then paste this log in your next post.
 
 

Please download Junkware Removal Tool.
 
Open your browser and go to Downloads, then click on the Junkware Removal Tool to install it.  
 
Click on Run to initiate the installation.
 
To avoid potential conflicts, temporarily disable your antivirus and firewall.  You will want to be offline when you do this.
 
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select Run as Administrator.
 
The tool will open and start scanning your system.
 
Please be patient as this can take a while to complete depending on your system's specifications.
 
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.  Copy this and then post it in your topic.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 drewtou


Posted 15 February 2014 - 04:21 PM

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8 x64
Ran by Tia on Sat 02/15/2014 at 15:59:09.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\otshot
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\otshot
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL


#4 drewtou


Posted 15 February 2014 - 04:25 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.15.07
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Tia :: TIASTEVENS [administrator]
 
2/15/2014 2:59:09 PM
mbam-log-2014-02-15 (14-59-09).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235056
Time elapsed: 9 minute(s), 7 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)


#5 drewtou


Posted 15 February 2014 - 04:47 PM

I'm wondering how long the AdwCleaner takes.  It has been running for about 10 minutes.  It just says Pending, please uncheck the items you don't want to remove.



#6 drewtou


Posted 15 February 2014 - 05:05 PM

# AdwCleaner v3.018 - Report created 15/02/2014 at 16:57:12
# Updated 28/01/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Tia - TIASTEVENS
# Running from : C:\Users\Tia\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Tia\AppData\Roaming\Mozilla\Firefox\Profiles\kmz3tiys.default\ValueApps
Folder Deleted : C:\Users\Tia\AppData\Roaming\Mozilla\Firefox\Profiles\kmz3tiys.default\CT3298566
Folder Deleted : C:\Users\Tia\AppData\Roaming\Mozilla\Firefox\Profiles\kmz3tiys.default\Extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
Folder Deleted : C:\Users\Tia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [lesstabs@lesstabs.com]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3286042
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\Tia\AppData\Roaming\Mozilla\Firefox\Profiles\kmz3tiys.default\prefs.js ]
 
 
-\\ Google Chrome v28.0.1500.72
 
[ File : C:\Users\Tia\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
 
[ File : C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [25838 octets] - [15/02/2014 15:48:23]
AdwCleaner[R1].txt - [21311 octets] - [15/02/2014 16:27:16]
AdwCleaner[S0].txt - [21092 octets] - [15/02/2014 16:57:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21153 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8 x64
Ran by Tia on Sat 02/15/2014 at 15:59:09.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\otshot
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\otshot
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\tbcommonutils.dll
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\tbhelper.exe
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\comobject.deskbarenabler
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\comobject.deskbarenabler.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbcommonutils.commonutils
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbcommonutils.commonutils.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbdownloadmanager
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbdownloadmanager.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbpropertymanager
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbpropertymanager.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbrequest
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbrequest.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbtask
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbtask.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.toolbarhelper
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.toolbarhelper.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.contextmenunotifier
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.contextmenunotifier.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.custominternetsecurityimpl
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.custominternetsecurityimpl.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.searchprovidermanager
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.searchprovidermanager.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\urlsearchhook.toolbarurlsearchhook
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\urlsearchhook.toolbarurlsearchhook.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\conduit
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TBSB07898.IEToolbar
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TBSB07898.IEToolbar.1
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TBSB07898.TBSB07898
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Toolbar3.TBSB07898
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Toolbar3.TBSB07898.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07898.IEToolbar
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07898.IEToolbar.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07898.TBSB07898
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TBSB07898.TBSB07898.3
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar3.TBSB07898
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar3.TBSB07898.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3286042
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298566
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A72DEFD6-FA80-4D77-A97D-9F207F48BF65}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{878B8524-AED5-4870-9A96-A515440DAC75}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{878B8524-AED5-4870-9A96-A515440DAC75}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{878B8524-AED5-4870-9A96-A515440DAC75}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Failed to delete: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Tia\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\Tia\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Tia\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\Tia\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Tia\appdata\locallow\toolbar4"
Failed to delete: [Folder] "C:\Program Files (x86)\conduit"
Failed to delete: [Folder] "C:\ProgramData\ask"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\Tia\AppData\Roaming\mozilla\firefox\profiles\kmz3tiys.default\user.js
Successfully deleted: [Folder] C:\Users\Tia\AppData\Roaming\mozilla\firefox\profiles\kmz3tiys.default\smartbar
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\lesstabs@lesstabs.com
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\lesstabs@lesstabs.com
Successfully deleted the following from C:\Users\Tia\AppData\Roaming\mozilla\firefox\profiles\kmz3tiys.default\prefs.js
 
user_pref("CT3298566.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN12831842473174321&UM=2&q=");
user_pref("CT3298566.installType", "conduitnsisintegration");
user_pref("CT3298566.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=15&CUI=UN1283184247317432
user_pref("CT3298566.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnN
user_pref("CT3298566.search.searchAppId", "130110228003246321");
user_pref("CT3298566.search.searchCount", "2");
user_pref("CT3298566.smartbar.CTID", "CT3298566");
user_pref("CT3298566.smartbar.Uninstall", "0");
user_pref("CT3298566.smartbar.homepage", "true");
user_pref("CT3298566.smartbar.toolbarName", "MixiDJ V30 ");
user_pref("Smartbar.ConduitHomepagesList", "");
user_pref("Smartbar.ConduitSearchEngineList", "MixiDJ V30 Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN12831842473174321&UM=2&q=");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3298566");
user_pref("browser.search.defaultenginename", "MixiDJ V30 Customized Web Search");
user_pref("browser.search.defaultthis.engineName", "MixiDJ V30 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&CUI=UN12831842473174321&UM=2&SearchSource=3&q={searchTerms}");
user_pref("browser.search.selectedEngine", "MixiDJ V30 Customized Web Search");
user_pref("browser.startup.homepage", "hxxp://www.swagbucks.com/");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN12831842473174321&UM=2&q=");
user_pref("plugin.state.npconduitfirefoxplugin", 2);
user_pref("smartbar.addressBarOwnerCTID", "CT3298566");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298566&CUI=UN12831842473174321&UM=2&SearchSource=13");
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN12831842473174321&UM=2&q=,hxxp://search.condui
user_pref("smartbar.defaultSearchOwnerCTID", "CT3298566");
user_pref("smartbar.homePageOwnerCTID", "CT3298566");
user_pref("smartbar.machineId", "TGCI7H9VZ2XTBB5J5RHJKNI0JERNZSUW/ZDN3SM645TQNRO8KZTXVLFWXTZ+5S0EXG/A554H5KCWVFCVOVIQOW");
user_pref("toparcadehits.settings.addon_data", "hxxp://tt.toparcadehits.com/cmn?p=OTIxNzI2ODY3MtI4eIiWvvi%2B%2FSBH4MGyimNEi6wfhC%2FLyknP0WnaOIzR%2BCOwmcYBV9fpQW8wGyozgDIIvPfsk
Emptied folder: C:\Users\Tia\AppData\Roaming\mozilla\firefox\profiles\kmz3tiys.default\minidumps [7 files]
 
 
 
~~~ Chrome
 
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
Successfully deleted: [Folder] C:\Users\Tia\appdata\local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/15/2014 at 16:12:35.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
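
As an added example (not part of the thread and not JRT's own code), here is a short Python triage of the log format shown above. It tallies failed deletions by registry hive or drive and lists failed items that sit under browser load points. The function names and the load-point markers are assumptions, and the sample lines are copied from the log above.

```python
import re
from collections import Counter

# A few lines copied from the JRT log above (a sample, not the full log).
SAMPLE_LOG = r'''
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TBSB07898.IEToolbar
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{878B8524-AED5-4870-9A96-A515440DAC75}
Failed to delete: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Users\Tia\appdata\locallow\conduit"
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\lesstabs@lesstabs.com
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
Emptied folder: C:\Users\Tia\AppData\Roaming\mozilla\firefox\profiles\kmz3tiys.default\minidumps [7 files]
'''

# "<outcome>: [<item kind>] <target>" is the shape of every deletion line.
LINE_RE = re.compile(
    r'^(?P<outcome>Failed to delete|Successfully deleted): '
    r'\[(?P<kind>[^\]]+)\] (?P<target>.+)$')


def parse_jrt(text):
    """Return one dict per deletion line; all other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        target = m.group('target').strip().strip('"')
        entries.append({
            'ok': m.group('outcome') == 'Successfully deleted',
            'kind': m.group('kind'),
            'target': target,
            # Registry hive or drive letter: the first path component.
            'root': target.split('\\', 1)[0],
        })
    return entries


def failed_by_root(entries):
    """Count failed deletions per hive or drive."""
    return Counter(e['root'] for e in entries if not e['ok'])


def leftover_load_points(entries):
    """Failed items under paths that load code or policy into a browser."""
    # Assumed markers, chosen from the paths that appear in this log.
    markers = ('browser helper objects', r'\extensions', r'\policies\google')
    return [e['target'] for e in entries
            if not e['ok'] and any(k in e['target'].lower() for k in markers)]
```

Run over the full log, the per-root tally shows at a glance which hives still hold entries that need a second pass.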


#7 dc3


Posted 15 February 2014 - 06:42 PM

Is the computer running better?



#8 drewtou


Posted 15 February 2014 - 09:33 PM

It is still running slow. I don't have the pop up though. What antiviral should I download?

#9 dc3


Posted 16 February 2014 - 10:06 AM

Avast is one of the better freeware antivirus.

 

Please rerun Malwarebytes, this time run the long test and post the entire log.

 

 

Please download and install Speccy to provide us with information about your computer.  When FileHippo opens, click on Download latest version in the upper right pane.
 
When Speccy opens you will see a screen similar to the one below.
 
speccy9_zps2d9cdedc.png
 
Click on File which is outlined in red in the screen above, and then click on Publish Snapshot.
 
The following screen will appear, click on Yes.
 
speccy7_zpsfa02105f.png
 
The following screen will appear, click on Copy to Clipboard.
 
speccy3_zps1791b093.png
 
In your next post right click inside the Reply to Topic box, then click on Paste.  This will load a link to the Speccy log.


#10 drewtou


Posted 17 February 2014 - 03:08 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.15.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Tia :: TIASTEVENS [administrator]

2/17/2014 9:44:22 AM
mbam-log-2014-02-17 (09-44-22).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 373113
Time elapsed: 1 hour(s), 22 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#11 drewtou


Posted 17 February 2014 - 03:15 PM

http://speccy.piriform.com/results/6nIeH0BwM3gUwvIjZdvo7H2


Can you send me a trusted link to Avast?  Thank you



#12 dc3


Posted 17 February 2014 - 03:18 PM

Can you send me a trusted link to Avast?  Thank you

 

You will find the link at the top of the page in post #9.



#13 drewtou


Posted 17 February 2014 - 07:05 PM

Thanks, sorry about not seeing that.  Does everything else I posted to you look good?

I have had Java in the past, is it necessary to have for things to run smoothly?



#14 dc3


Posted 18 February 2014 - 12:32 PM

You are running Webroot antivirus, you should not run two antivirus programs together as this will result in false positives and can cause system crashes.

 

I would like for you to run two scans, chkdsk /r and sfc /scannow, in that order.

 

 

Chkdsk /r checks for bad sectors on the hdd and recovers any readable information.
 
Click on the Start orb and type in cmd in the Search programs and files box.  When cmd is seen in Programs above the Search box right click on it, then click on Run as administrator.
 
You will see a screen similar to the one below.
 
Screenshot2.jpg
 
Type in chkdsk c:/r then press Enter.  Please notice the space between the chkdsk and the /r.
 
You will receive the message "CHKDSK cannot be run because it is in use by another process.  Would you like to schedule this volume to be checked the next time the system restarts?  <Y/N>".
 
Type in Y and press Enter.
 
Restart your computer to start the scan.
 
This will take a while to run, please be patient and allow it to complete the scan.
 
 

Click on the Start orb and then type cmd in the Search programs and files box.
 
In the pane above the search box Programs will appear with cmd below it, right click on cmd and choose Run as administrator.
 
If you are prompted for an administrator password or for a confirmation, enter the password, or click Allow.
 
A page similar to the one above will open.
 
Type in sfc /scannow and then press Enter to start the scan.  Please notice the space between sfc and the /scannow.
 
If the scan finds no integrity problems in the first portion of the scan it should stop, to be sure that the scan has stopped wait five minutes, then type in exit and press Enter to stop the scan.

Edited by dc3, 18 February 2014 - 12:32 PM.
